Fix – vSphere Update Manager fails to download patches

This is a quick article to document a fix to an issue I came across the other day with vSphere Update Manager (VUM) failing to download patches.

Error Description

Recently I installed a new instance of vSphere Update Manager. Once I had configured the appropriate settings (including proxy details), I tried to kick off a download to get all of the latest patches from VMware.

This is where I stumbled into an issue. Downloading the patches failed. I checked the vSphere Update Manager logs and found the following error:

vSphere Update Manager Logs?

First step in troubleshooting is to check the logs right? If you don’t know where your Update Manager Logs are stored, then have a look at VMware KB 2038036.

Why is this happening?

After some researching (i.e. googling), I found out that this is a result of vSphere Update Manager not being able to trust or verify the SSL certificate of the URL it is downloading the patches from.

This seems a little weird to me as the download source is from VMware itself! In saying that, I guess it does check the SSL certs before downloading as you can add custom download sources which might not be secure. So I guess this check is valid and a good idea, even though by default it blocks downloading updates.

In any case, this is how you fix it…

Solution

To solve the problem of vSphere Update Manager failing to download patches, complete the following steps:

Change the SslVerifyDownloadCertificate registry key value from a 1 to a 0

Restart the VMware vSphere Update Manager service

Warning: Making this change could potentially be seen as a security risk, as you are no longer going to be validating the SSL certificate prior to downloading. Not a big issue if you are going to be using the default VMware download sources, however it might be more of an issue if using custom download sources.

More Information

I didn’t re-invent the wheel or anything on the solution above. I got it directly from the VMware Knowledge Base. Only reason I even posted this is solution really is for additional visibility and maybe someone else is experiencing the same issue and may not be aware of the fix.